On Ubuntu 20.04 I've installed InspIRCd (which seems to work fine as-is) and added to its config:

```
<module name="m_ldapauth.so">
<ldapauth baserdn="dc=nodomain"
          attribute="cn"
          server="ldap://127.0.0.1"
          killreason="nice try"
          searchscope="subtree"
          binddn="cn=admin,dc=nodomain"
          bindauth="123456"
          verbose="yes"
          userfield="no" >
```

According to Wireshark the client sends PASS 123456 and NICK aklimov, but the server kicks me out (w/ "nice try"). Even more strange: according to Wireshark (-f port 389) there's no LDAP traffic at all.

Al Klimov
  • is ldap listening on 127.0.0.1? – natxo asenjo Nov 13 '21 at 13:33
  • Even on 0.0.0.0. – Al Klimov Nov 13 '21 at 14:45
  • so can you login with ldapsearch and get results? – natxo asenjo Nov 13 '21 at 15:32
  • I've even created aklimov:123456 w/ phpldapadmin. – Al Klimov Nov 13 '21 at 16:40
  • that's not the answer to my question ;), what I mean is, can you use a ldap client, like the cli tool ldapsearch, to log in and get results to ldap://127.0.0.1 ? – natxo asenjo Nov 13 '21 at 20:06
  • The phpldapadmin client also lists.. everything to me. – Al Klimov Nov 13 '21 at 21:38
  • could you try this on the inspircd host: `ldapsearch -x -b dc=nodomain -H ldap://127.0.0.1 -D cn=admin,dc=nodomain -W` and post the results back? – natxo asenjo Nov 14 '21 at 08:57
  • also, I have zero experience with this irc software, but according to the docs (https://docs.inspircd.org/3/modules/ldapauth/) you should use instead of – natxo asenjo Nov 14 '21 at 09:00
  • ``` dn: dc=nodomain objectClass: top objectClass: dcObject objectClass: organization o: nodomain dc: nodomain dn: cn=admin,dc=nodomain objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9cTBVYmk1SFVwbEszTW9lczlQckl0U1IyaHdRTVE3RC8= dn: cn=aklimov,dc=nodomain cn: aklimov objectClass: inetOrgPerson objectClass: top userPassword:: e1NTSEF9OFdpNUdBZUJvM21TUUkvbTRNdHdtYWtnMVArYkJtNjQ= sn: Klimov search: 2 result: 0 Success ``` – Al Klimov Nov 14 '21 at 09:14
  • `` gives the same result. – Al Klimov Nov 14 '21 at 09:15
  • could you try this: `ldapsearch -x -b dc=nodomain -H ldap://127.0.0.1 -D cn=admin,dc=nodomain -W cn`? So I want to see only the cn attribute – natxo asenjo Nov 14 '21 at 11:22
  • # nodomain dn: dc=nodomain # admin, nodomain dn: cn=admin,dc=nodomain cn: admin # aklimov, nodomain dn: cn=aklimov,dc=nodomain cn: aklimov # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 – Al Klimov Nov 14 '21 at 11:51
  • thanks, looks like the ldap host is working, so the issue must lie inside the application itself. Time to open an issue at https://github.com/inspircd/inspircd/issues – natxo asenjo Nov 14 '21 at 12:16

0 Answers